It’s been a big month for the smartphone market, between the introduction of the latest iPhones, the acquisition of Nokia by Microsoft and the news that RIM is officially for sale. While this news may only affect most solution providers tangentially, it may help boost the growth of the complementary mobile technologies they promote and support.
Of course, as more and more businesses leverage the benefits of smartphones and other portable, Internet-enabled devices, the opportunities for skilled professionals to manage those aspirations will also continue to grow. With a rising number of organizations allowing their employees to use personal phones and tablets in the corporate IT environment, the demand for solution providers with BYOD experience has never been higher.
It sure seems like a natural fit for VARs and MSPs, who have the mobility and security experience and the desire to support these solutions. After all, who is better positioned to not only uncover the unique needs and enable the wide array of mobile devices, but to manage these multifaceted systems and applications? While many channel experts and research firms acknowledge that solution providers have the skills and understanding to capture a large percentage of BYOD implementations, a growing number of industry pundits are questioning the technology.
Should VARs and MSP really be recommending that their business clients implement these types of policies? While the industry has shown that BYOD can be successfully implemented in a wide variety of organizations, the concern begins as soon as an IT professional returns an enabled device to its owner. The human element is the biggest unknown with any policy, whether it’s the introduction of a new technology or a change in security procedures. That’s a major concern for MSPs and VARs that offer BYOD programs. If a client’s employee doesn’t follow the rules with his device and it leads to security breach, the solution provider may be blamed to some extent. When a smartphone or tablet is used for personal use outside the workplace, it’s extremely difficult to limit the sites and content the users have access to.
When a worker uses the same device to log onto the company’s business systems, it could introduce viruses and other malware that could slow network operations or cause more serious damage. While a well-designed BYOD program will account for these threats, all it takes is one employee shortcut to derail the process.
The liabilities can be even greater for fully remote workers. Consider two key findings from the “IDC Worldwide Mobile Worker Population 2011–2015 Forecast”: (1) 71 percent of SMB organizations consider themselves work-from-anywhere businesses and (2) IDC projects the mobile worker population to reach 1.3 billion by 2015. That’s a huge shift in the workplace, especially for those charged with managing the network. Even with a VPN and other measures in place to control access and protect the systems, network-enabled devices located outside company offices are more susceptible to security breaches. While many remote employees adhere closely to company directives, others have been known to skip or delay computer best practices and system updates and are more likely to avoid the scrutiny of the tech support team. That can lead to further complications when businesses introduce a BYOD policy into that already uncertain mix.
It all comes back to the legal liabilities surrounding a technological program with significant room for error. Many businesses can and will remain diligent in their approach to BYOD and can effectively implement it throughout their organization. But they still have to ask themselves if the benefits truly outweigh the costs and associated risks. Just one unlocked smartphone left behind on a bus could lead to a major security breach, allowing an unauthorized person to access personal information or critical business systems.
The liability from one misstep in protection procedures could be quite substantial, from significant fines to major lawsuits, as well as costly legal fees. And with the latest compliance measures, culpability can be extended from the business to any solution provider that had a hand in the implementation or support of a system where a breach occurs. That may seem incredibly unfair, especially when the incident was the result of a rogue employee, but guilt by association happens to specialized professionals – such as doctors and engineers – every day. Liability casts a wide net and those involved in the process will typically bear some responsibility; especially when that failure breaks a statute or damages an individual or group.
Those are some of the issues every solution provider and vendor needs to address before joining the BYOD revolution. If they can’t ensure that their security measures are foolproof, even when their clients’ employees skip updates or abuse the required procedures, then the legal and financial liabilities may far outweigh the advantages of BYOD implementations. As Kyp Walls, director of product management at Panasonic, suggested at the recent CompTIA Mobility Community Meeting; “the future of BYOD is not BYOD,” since the challenges are serious enough that the programs may fade rather quickly.
Based on these observations, which are echoed by others in the mobility field, solution providers should invest more time and energy in advanced applications and implementations. Whether you agree or disagree with their reasoning, there are a variety of other mobility opportunities for VARs and MSPs to choose from, according to the CompTIA’s second annual Trends in Enterprise Mobility study. That list includes mobile app development, all-inclusive security services, mobile device management (MDM) and general/field support.
Brian Sherman is founder of Tech Success Communications, specializing in editorial content and consulting for the IT channel. His previous roles include chief editor at Business Solutions magazine and senior director of industry alliances with Autotask. Contact Brian at [email protected].
